The old Open Security Training site had a course called Advanced x86:
BIOS and SMM Internals, which had a set of slides outlining the method
to supress SMIs by changing the GBL_SMI_EN bit. Add a reference to it as
this is where I originally learned of this method.
all it did was set -v in the shell, which doesn't yield
very useful results. this is a relic of very old design
in the libreboot build system, that is no longer needed.
Signed-off-by: Leah Rowe <leah@libreboot.org>
lbmk didn't quote certain arguments in commands, or
used ! -z instead of -n, things like that. simple fixes.
Signed-off-by: Leah Rowe <leah@libreboot.org>
most of these are probably redundant, and will never
be called, but lbmk needs to be as safe as possible
under fault conditions. fail early, fail hard.
Signed-off-by: Leah Rowe <leah@libreboot.org>
update/trees wasn't correctly returning non-zero status,
even though it was printing an error message, when git-am
failed. this is due to the way subshells work, and it was
overlooked in previous auditing.
additionally: don't directly copy trees to the destination,
instead patch/reset first, then copy only under normal
condition, just as with single-tree projects.
when running build/roms, the script would continue after
a bad git-am, without exit. this patch fixes it in the
most paranoid way possible. i'm now fairly confident that
lbmk will fail gracefully and efficiently, under error
conditions. this should prevent bad image builds.
Signed-off-by: Leah Rowe <leah@libreboot.org>
install libfreetype-dev, instead of libfreetype6-dev
this still works in debian stable (currently 12.2) but
fixes debian sid, as of 15 November 2023. my test machine
with debian sid could not install libfreetype6-dev, but
could install libfreetype-dev
Signed-off-by: Leah Rowe <leah@libreboot.org>
apparently some people use fat file systems for /boot
on linux systems
this is apparently a thing
it's ridiculous, but also a thing
a user reported they could not boot their t400 because
of those, because they have such a distro installed
on their machine
apparently it was a gentoo user
i don't really care. re-add 1980s dos file system support.
Signed-off-by: Leah Rowe <leah@libreboot.org>
Now the revision is:
64e3cee72ab8f5876abfebb263b5e6cf7c4a9a4e
The old revision was:
e58b870ff926415e23fc386af41ff81b2f588763
With this new revision update, the following patches have
been imported from the upstream GRUB project:
* 64e3cee72 gpt: Add compile time asserts for guid and gpt_partentry sizes
* 7de6fe963 types: Split aligned and packed guids
* 5fc985bfd gpt_partition: Mark grub_gpt_partentry as having natural alignment
* 7ad30299d efi: Deduplicate configuration table search function
* c6cf807fc lsefi: Add missing static qualifier
* a964e359b types: Fix typo
* 3f79e3b15 util/grub-mount: Check file path sanity
* 85e40b36e configure: Make the DJVU_FONT_SOURCE configurable with --with-dejavufont=FILE
* 2d6631d2a configure: Make the Unifont FONT_SOURCE configurable with --with-unifont=FILE
* 07318ee7e fs/xfs: Fix XFS directory extent parsing
* ad7fb8e2e fs/xfs: Incorrect short form directory data boundary check
* 4e10213de Revert "zfsinfo: Correct a check for error allocating memory"
* 4266fd2bb disk/i386/pc/biosdisk: Read up to 63 sectors in LBA mode
* cab04dcda kern/i386/pc/init: Flush cache only on VIA C3 and earlier
* 3c7e84257 fs/btrfs: Zero file data not backed by extents
* 4bcf6f747 kern/ieee1275/init: Restrict high memory in presence of fadump on ppc64
* cf58eca2a tests/util/grub-shell: Enable RNG device to better test stack smashing
* c3bdf263f kern/efi/init: Disable stack smashing protection on grub_efi_init()
* 95963d97f disk/cryptodisk: Add support for LUKS2 in (proc)/luks_script
* 016f14257 disk/cryptodisk: Optimize luks_script_get()
* f7a663c00 term/serial: Ensure proper NULL termination after grub_strncpy()
* a19e47ca4 commands/efi/lsefisystab: Print the UEFI specification revision in human readable form
Signed-off-by: Leah Rowe <leah@libreboot.org>
in cases where lbmk must always return from a function,
there are some cases where it relies on non-zero exit
status, which in practise is always the case, but may
change in the future if the relevant part is modified
e.g. do_something && return 0
the proper form is:
do_something
return 0
also do this for unconditional exits
Signed-off-by: Leah Rowe <leah@libreboot.org>
don't run it directly at the bottom of err.sh,
because otherwise the version and versiondate
files will be generated when running "./build
dependencies distroname" which would then create
these files, but as root because the user runs
that specific command as root.
the rest of lbmk, for any other command, prevents
use of the root account, so running check_project
during "./build dependencies distroname" will cause
the build system to fail (because as non-root user,
the user will run lbmk and it will try to update
those files, and fail because it can't, due to lack
of permissions)
this patch fixes the issue, by only generating those
files if the user is *not* root
Signed-off-by: Leah Rowe <leah@libreboot.org>
Fix a few issues with the E6430 configs to make it consistent with
configs for other boards and function as intended.
- Add VBT to CBFS: Although the VBT was enabled at the board level
Kconfig in a previous commit (CONFIG_INTEL_GMA_HAVE_VBT), the config
to actually add the VBT to CBFS was still unset.
- Enable the static option table: The old config would always use the
fallback values hard coded in the coreboot tree, rather than the
settings in the cmos.default file
- Enable DRAM clear on boot: This was not set previously, even though
most other boards set this for security.
Signed-off-by: Nicholas Chin <nic.c3.14@gmail.com>
now the docs are complete, in releases. they
contain the libreboot site, libreboot images,
the untitled static site generator and untitled
static site generator documentation.
Signed-off-by: Leah Rowe <leah@libreboot.org>
this replaces the previous behaviour, which erred
on a specific value of grub_errno, which was a
problem if other types of errors used that value.
due to the way i patch out the prefix error messages,
this new patch ensures that only those errors are
silenced. all other messages will be printed.
Signed-off-by: Leah Rowe <leah@libreboot.org>